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AMENDMENTS TO THE CLAIMS 

The listing of claims will replace all prior versions, and listings, of claims in the 
application: 
Listine of Claims: 

1. (Canceled). 

2. (Previously Presented) A method of verifying that a server is authorized to 
provide resources to a client, the method comprising acts of: 

generating a server authentication request at the client to verify that the server is 
authorized to provide at least one resource to the client; 

transmitting the server authentication request to the server; 

receiving an encrypted server authentication response from the server; 

decrypting the server authentication response without user interaction in order to 
prevent a user from colluding with an unauthorized server to circumvent server 
authentication; and 

disabling one or more client functions unless the decrypted server authentication 
response indicates that the server is authorized to provide the at least one resource to the 
client. 

3. (Previously Presented) A method as recited in claim 2, further comprising an act 
of activating one or more functions of the client if the server authentication response indicates 
that the server is authorized to provide at least one resource to the client. 

4. (Previously Presented) A method as recited in claim 2, further comprising an act 
of waiting to disable the one or more functions until after a grace period. 
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5. (Previously Presented) A method as recited in claim 2, wherein the server 
authentication response indicates that the server is authorized to provide the at least one resource 
to the client, the method further comprising acts of: 

while the server is authorized to provide the at least one resource to the client, 
periodically: 

generating one or more subsequent server authentication requests at a 

client; 

transmitting the one or more subsequent server authentication requests to 
the server; 

for each of the one or more subsequent server authentication requests, 
receiving a subsequent encrypted server authentication response; 

decrypting each subsequent server authentication response; and 
for each of the one or more subsequent server authentication responses, 
disabling one or more client functions when a response fails to indicate that the 
server is authorized to provide the at least one resource to the client. 

6. (Previously Presented) A method as recited in claim 5, wherein at least one server 
authentication response comprises expiration information, the method further comprising an act 
of determining when at least one subsequent authentication request should occur based on the 
expiration information. 

7. (Previously Presented) A method as recited in claim 2, wherein the server 
authentication request comprises an encryption key and a random number, the method further 
comprising an act of encrypting the server authentication request. 
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8. (Currently Amended) A method of verifying that a server is authorized to provide 
resources to a client, the method comprising acts of: 

generating a server authentication request at the client , the server authentication 
request being encrypted with one or more encryption keys such that only an authorized 
server is able to decrypt the server authentication request ; 

transmitting the server authentication request to the server; 

determining that no response to the server authentication request has been 
received by the client after an allotted period of time; 

interpreting no response as an indication that the server is not authorized to 
provide resources to the client; and 

disabling one or more client functions. 

9. (Previously Presented) A method as recited in claim 8, further comprising an act 
of waiting to disable the one or more functions until after a grace period. 

10. (Previously Presented) A method as recited in claim 8, further comprising acts of 
periodically: 

generating one or more subsequent server authentication requests at a client; 

transmitting the one or more subsequent server authentication requests to one or 
more subsequent servers; 

for each of the one or more subsequent server authentication requests, receiving a 
subsequent encrypted server authentication response; 

decrypting each subsequent server authentication response; and 

for each of the one or more subsequent server authentication responses: 

disabling one or more client functions when a response fails to indicate 

that a subsequent server is authorized to provide at least one resources to the 

client; and 

activating one or more client functions when a response indicates that the 
server is authorized to provide at least one resource to the client. 
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11. (Previously Presented) A method as recited in claim 10, wherein at least one 
server authentication response comprises expiration information, the method further comprising 
an act of determining when at least one subsequent authentication request should occur based on 
the expiration information. 
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12. (Currently Amended) A computer program product for implementing a method of 
verifying that a server is authorized to provide resources to a client, the computer program 
product comprising a computer readable medium carrying computer executable instructions that 
implement the method, wherein the method comprises acts of: 

generating a server authentication request at the client to verify that the server is 
authorized to provide at least one resource to the client; 

transmitting the server authentication request to the server; 

receiving an encrypted server authentication response from the server; 

d e crypting using a decryption key encoded in hardware at the client system to 
decrypt the server authentication response without us e r int e raction in order to prevent 
rogue software or operators of the client system a us e r from colluding with— m 
unauthoriz e d the server to circumvent server authentication; and 

disabling one or more client functions unless the decrypted server authentication 
response indicates that the server is authorized to provide the at least one resource to the 
client. 

13. (Previously Presented) A computer program product as recited in claim 12, the 
method further comprising an act of activating one or more functions of the client if the server 
authentication response indicates that the server is authorized to provide at least one resources to 
the client. 

14. (Previously Presented) A computer program product as recited in claim 12, the 
method further comprising an act of waiting to disable the one or more functions until after a 
grace period. 



Page 6 of 15 



Application No. 09/978,536 

Amendment "D" dated November 12, 2004 

Reply to Office Action mailed August 1 2, 2004 

15. (Previously Presented) A computer program product as recited in claim 12, 
wherein the server authentication response indicates that the server is authorized to provide the at 
least one resource to the client, the method further comprising acts of: 

while the server is authorized to provide the at least one resource to the client, 
periodically: 

generating one or more subsequent server authentication requests at a 

client; 

transmitting the one or more subsequent server authentication requests to 
the server; 

for each of the one or more subsequent server authentication requests, 
receiving a subsequent encrypted server authentication response; 

decrypting each subsequent server authentication response; and 
for each of the one or more subsequent server authentication responses, 
disabling one or more client functions when a response fails to indicate that the 
server is authorized to provide the at least one resource to the client. 

16. (Previously Presented) A computer program product as recited in claim 15, 
wherein at least one server authentication response comprises expiration information, the method 
further comprising an act of determining when at least one subsequent authentication request 
should occur based on the expiration information. 

17. (Previously Presented) A computer program product as recited in claim 12, 
wherein the server authentication request comprises an encryption key and a random number, the 
method further comprising an act of encrypting the server authentication request. 
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18. (Previously Presented) A computer program product for implementing a method 
of verifying that a server is authorized to provide resources to a client, the computer program 
product comprising a computer readable medium carrying computer executable instructions that 
implement the method, wherein the method comprises acts of: 

generating a server authentication request at the client; 

transmitting the server authentication request to the server; 

determining that no response to the server authentication request has been 
received by the client after an allotted period of time; 

interpreting no response as an indication that the server is not authorized to 
provide resources to the client; and 

disabling one or more client functions. 

19. (Previously Presented) A computer program product as recited in claim 18, the 
method further comprising an act of waiting to disable the one or more functions until after a 
grace period. 

20. (Previously Presented) A computer program product as recited in claim 18, the 
method further comprising acts of periodically: 

generating one or more subsequent server authentication requests at a client; 

transmitting the one or more subsequent server authentication requests to one or 
more subsequent servers; 

for each of the one or more subsequent server authentication requests, receiving a 
subsequent encrypted server authentication response; 

decrypting each subsequent server authentication response; and 

for each of the one or more subsequent server authentication responses: 

disabling one or more client functions when a response fails to indicate 

that a subsequent server is authorized to provide at least one resource to the client; 

and 

activating one or more client functions when a response indicates that the 
server is authorized to provide at least one resource to the client. 
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21. (Previously Presented) A computer program product as recited in claim 20, 
wherein at least one server authentication response comprises expiration information, the method 
further comprising an act of determining when at least one subsequent authentication request 
should occur based on the expiration information. 

22. (Canceled). 
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